Working here as of an hour ago.

@Mike-Davis do the guest really need the ability to print to every printer?

@Mike-Davis said in daisy chain Ubiquiti AC Pros?:

@DustinB3403 said in daisy chain Ubiquiti AC Pros?:

This is why you don't use pre-made cables.

What does it cost to have fiber terminated? $150/hr? Since this is in the mountains, I'm guessing the nearest city is 1.5 hours away, so drive time on top of that. I'm just guessing at the labor since I haven't ever had it quoted.

Right, so if oyu are confident that premade will pull in quantiy, then by all means go with it.

The good thing about fiber, is that it doesn't matter if you coil up the left over.

@scottalanmiller said in cordless VoIP:

@mike-davis said in cordless VoIP:

@jaredbusch said in cordless VoIP:

The W60P is $128 vs the W52P for $108.
What is it that makes you want to pay $20 more per phone?
edit: That is the cost of a single handset with a base station

Mostly I'd like to play with it. I'm willing to pay the extra $20 for that.

BTW, where are you getting those prices? Amazon prime is ~ $170 others are around $140 before shipping.

Probably Baltic

Bingo. They seem sto have the best "consistent" pricing. Sometimes Amazon is better, sometimes not, when shipping is added.

@jaredbusch said in URL filtering on EdgeRouter:

Well the correct way is not to try to shoehorn this into your edge router but if the site is small enough yes you can add the packages and do it this way

This would be for 4 computers and a server. Since the users won't be able to get on the internet and it's only windows updates and AV updates that will generate traffic, I think they will be OK.

Have you used this in a typical office environment? Where would you draw the line in terms of number of users/number of rules? I've never used the ER to filter on domains before.

For anyone curious, recovery mode does not even query DHCP.
0_1532740986246_93BA8716-236E-4B42-80F3-EC4CACCD776E.jpeg

@jaredbusch said in cloud ftp back up target:

@scottalanmiller said in cloud ftp back up target:

Any distro will work. FTP is a "generic" service that is the same between them. I'd use Fedora myself, but anything will be fine. Any standard distro you are already using is what I'd go with.

So would I. Just used the "CentOS" moniker because any black box he bought would likely be that or Ubuntu underneath.

I was going to say, I haven’t need to buy anything from someone for FTP.

@mike-davis said in new list of devices affected by VPNFilter exploit:

Scroll all they way down to the bottom. Two Ubiquiti wireless bridge devices are now on the list:
NSM2
PBE M5

https://blog.talosintelligence.com/2018/06/vpnfilter-update.html

Interesting although they are not routers I guess it affect multiple networking devices.

@JaredBusch I had no idea those adapters existed. I'll have to keep that in mind if I run in to a run where I can't pull the coax out while pulling a piece of Cat 6 behind it. Thanks for the link.

In this project most of the runs aren't too bad and they want to move the NVR anyways. If it's all IP based, that's no problem - the NVR only needs one network drop.

@mike-davis said in EdgeRouter not handing out addresses on VLAN:

What about this:
set service dhcp-server shared-network-name FSL_LAN authoritative disable

That was it. Thanks @JaredBusch - you the man.

@mike-davis said in KB4073701 kills QuickBooks:

@BBigford glad I could save you some troubleshooting time.

If you're using a Venmo style delivery for drinks and/or strippers, I am willing to contribute for your helpful post to the community that directly impacted me. It has to be explicitly used on something such as strip clubs that take this type of gift card or similar. I cannot, by my own community standards, simply send money to you directly which could be spent on anything. It has to be a payment method that is only redeemable in the form of alcohol and/or strippers.

@mike-davis said in MTU size > 1500:

The phone is a Polycom UC VVX410 in case anyone else is having this issue.

I have them and people with those limits have a side card too 🙂

You can use some SCAP tools to give you ideas of good hardening rules.

bkuwPrC.png

@mike-davis said in 802.1x wired security best practice:

For those that are running 802.1x device authentication for wired windows devices, do you have a port that bypasses authentication so that you can join your workstations to the domain and get the group policy to push the cert down?

Then just have a jack on your bench where you build new machines that lets you join it to the domain and get the cert before you put the machine out on the floor?

For devices like copiers, is there anything you can do besides MAC filtering that puts them in a copier VLAN?

Newer Copier do support 802.1x, see below for Xerox
0_1518009022039_2018-02-07_0809.png
Otherwise MAC Filtering is the way to go.

For the port, if we have MDT and WDS we have the ports without any authentication and then they are joined to the domain.

@matteo-nunziati said in ERP for small manufacturer w/web integration:

While I cant say about the mrp module quality odoo can be an option as well as openbravo.

But who will support them?

That can't be a challenge. Those are well known, especially odoo, get anyone you want to support them.

Basically I open SNMP for the printer monitoring aspect of it. For Printing just open port 9100.

@mike-davis said in question on security form:

I'm filling out a form for a government agency and it has the question below. Does this look like VLANS? I'm trying to figure out what they are looking for.

CONTROL#12 - BOUNDARY DEFENSE
Detect/prevent/correct the flow of information transferring networks of different trust levels with a focus on security-damaging data.

Most government security controls are based on NIST Special Publication 800-53 (http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf). There is some guidance within that document itself to define what they're referring to with the control.

@mike-davis said in running Webroot + Malwarebytes?:

I won't allow the free trial to be installed on client computers, so the paid version would be the only option. I was wondering more if having two products actively trying to scan files would end in contention issues. A manual scan kind of defeats the purpose in my mind.

I run both AV and Malwarebytes on lab equipment and some of my clients and never had a conflict.